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Remarks 

Applicants acknowledge and thank the Examiner for the allowance of Claims 
6-14, 20-27 and 31-34, as indicated in the Office Action dated July 1, 2005. In addition, 
Applicants have herein amended Claims 2-3 and 16-17 in order to rewrite Claims 2-3 and 
16-17 in independent form including the limitations of the base claim from which each 
Claim depends therefrom in accordance with the Examiner's objection of such Claims. 
Therefore, based on the foregoing amendments, Claims 2-3, 6-14, 16-17, 20-27 and 
31-34 are in allowable condition with Claims 2, 3, 6, 16, 17, 20 and 31 in independent 
form. 

In addition, Applicants have herein amended Claims 1, 5, 15, 18, 28 and 29, and 
respectfully request reconsideration of the Claims. 

Rejection of Claims 5, 18, 19, 29 and 30 Pursuant To 35 U.S.C. § 1 12 
Claims 5, 18, 19, 29 and 30 have been rejected pursuant to 35 U.S.C. § 112, 
second paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which Applicants regard as the invention. In particular, the 
Examiner points out that each of the claims recite a limitation to "the session 
identification;" however, the limitation in each claim does not have sufficient antecedent 
basis. 

Claims 5, 1 8 and 29 have been amended to delete "the session identification" and 
to include therein "a session identification." Claim 19 depends from Claim 18 and 
requires no further amendment because Claim 1 8 provides the antecedent basis for the 
limitation of Claim 19 directed to "the session identification." Similarly, Claim 30 
depends from Claim 29 and requires no further amendment because Claim 29 provides 
the antecedent basis for the limitation of Claim 30 directed to "the session identification " 

Applicants respectfully submit that based upon the foregoing amendments to 
Claims 5, 18 and 29, sufficient antecedent basis is now provided and Claims 5, 18, 19, 29 
and 30 as a result are definite and distinctly claim the subject matter of the invention. 
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Re jection of Claims 1. 4. 15. 18. 28 and 29 Pursuant to 35 U.S .C. § 102(e) 
Claims 1, 4, 15, 18, 28 and 29 have been rejected pursuant to 35 U.S.C. § 102(e) 

as being anticipated by U.S. 6,766,454 issued to Riggins (hereinafter "Riggins"). 

Applicant respectfully traverses the rejection of Claims 1, 4, 15, 18, 28 and 29 for the 

reasons given below. 

Claim 1 has been amended herein and is directed to a method for authenticating a 
user of a computer. The method comprises transmitting a signal having a challenge 
string and a first encryption key; receiving a login packet having the challenge string and 
a password that is encrypted using the first encryption key and a hash of at least the 
challenge string and the password; decrypting the password; receiving information from 
an authentication provider; and authenticating the password by using the information 
received from the authentication provider. 

The Examiner indicates in the Office Action that Riggins discloses all of the 
limitations of Claim 1 . The Examiner identifies the following disclosures in Riggins in 
support thereof, including column 10, lines 62 to column 1 1 , line 21 ; column 6, line 66 to 
column 7, line 7; Figure 3, element 395; column 13, line 59 to column 14, line 43; and 
Figure 14. Applicants respectfully submit that Riggins does not disclose all of the 
limitations of Claim 1 and does not disclose at least receiving a login packet having the 
challenge string and a password that is encrypted using the first encryption key and a 
hash of at least the challenge string and the password. 

With reference to the Riggins disclosure in column 13, line 59 to column 14, line 
43, Riggins discloses the response generator 1 160 of the authentication applet 955 
"hashes a combination of the challenge and a hash of the user's password" (emphasis 
added) to generate a response to receiving a user ID and a password. Applicants 
respectfully submit that hashing the described combination is different from the 
limitation of Claim 1 directed to receiving a login packet (which the security applet 18 
provides) that includes a hash of at least the challenge string and the password and also 
includes the challenge string and a password that is encrypted using the first encryption 
key. This limitation is in contrast to Riggins which discloses the step of computing a 
response to receipt of the user ID and the password by hashing a combination of the 
challenge and a hashed user password. In this case, one of the variables is already 
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"hashed" and in combination with the challenge further hashed in accordance with a one- 
way algorithm. In addition, the step of generating a response to receiving the user ID 
and the password Riggins discloses does not include receiving the challenge string and 
the password that is encrypted using the first encryption key. 

Thus, Applicants respectfully submit that Riggins does not teach at least the 
limitation of Claim 1 directed to receiving a login packet having the challenge string and 
a password that is encrypted using the first encryption key and a hash of at least the 
challenge string and the password. Claim 1 therefore is patentably distinct from Riggins. 
Accordingly, the rejection of Claim 1 pursuant to 3 5 U.S.C. § 1 02(e) should be 
withdrawn. 

Claim 4 depends from Claim 1 and is patentable for at least the reasons given 
above. Therefore, the rejection of Claim 4 pursuant to 35 U.S.C. § 102(e) should be 
withdrawn. 

With respect to independent Claim 15, as the Examiner indicates, Claim 15 is 
directed to a system that includes limitations substantially equivalent to method Claim 1 . 
As amended herein Claim 1 5 comprises the limitation to a web server programmed to: 
receive a login packet having the challenge string and a password that is encrypted using 
the first encryption key and a hash of at least the challenge string and the password. For 
reasons similar to those discussed above with respect to Claim 1, Claim 15 is patentably 
distinct from Riggins with respect to at least this limitation of the web server. Therefore, 
the rejection of Claim 15 pursuant to 35 U.S.C. § 102(e) should be withdrawn. 

Claim 18 depends from Claim 15 and is patentable for at least the reasons given 

above. 

With respect to independent Claim 28, Claim 28 is directed to an article of 
manufacture comprising a computer readable medium having computer readable program 
code that includes limitations substantially equivalent to method Claim 1 . As amended 
herein Claim 28 comprises a computer readable medium having computer readable 
program code including instructions for: causing the computer system to receive a login 
packet having the challenge string and a password that is encrypted using the first 
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encryption key and a hash of at least the challenge string and the password. Claim 28 is 
patentably distinct from Riggins for at least the same reasons given above with respect to 
Claim 1. The rejection of Claim 28 pursuant to 35 U.S.C. § 102(e) therefore should be 
withdrawn. 

Claim 29 depends from Claim 28 and is patentable for at least the reasons given 
above. Accordingly, the rejection of Claim 29 should be withdrawn. 

Based upon the foregoing amendments and discussion, the present application is 
in condition for allowance and a notice to this effect is respectfully requested. Should the 
Examiner have any questions concerning this response, he is invited to telephone the 
undersigned. 




Date: December 29, 2005 



Registration No. 45,010 
MINTZ, LEVIN, COHN, FERRIS 
GLOVSKY and POPEO, P.C. 
Attorneys for Applicant(s) 
One Financial Center 
Boston, MA 02111 
Telephone: 617/348-4914 
Facsimile: 617/542-2241 
email: cpeters(a),mintz.com 
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